Bug 1442840
| Summary: | dbus.exceptions.DBusException: org.freedesktop.PolicyKit1.Error.Failed: Action org.fedoraproject.FirewallD1.config.info is not registered | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Scott Dodson <sdodson> | ||||||
| Component: | polkit | Assignee: | Polkit Maintainers <polkit-devel> | ||||||
| Status: | CLOSED WONTFIX | QA Contact: | qe-baseos-daemons | ||||||
| Severity: | high | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 7.3 | CC: | brian.murrell, fsumsal, jdy, sallysocial-int, todoleza, twoerner | ||||||
| Target Milestone: | rc | Keywords: | Triaged | ||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2021-01-15 07:34:08 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
|
Description
Scott Dodson
2017-04-17 18:02:02 UTC
Finally I have been able to reproduce this. It is a polkit issue. Created attachment 1273300 [details]
Reproducer script
1) Install 7.3 server minimal
2) Uninstall firewalld: rpm -e $(rpm -qa "*firewall*")
3) Install iptables-services
4) Enable and start iptables services: systemctl enable iptables ip6tables; systemctl start iptables ip6tables
5) Download the firewalld packages: firewalld-0.4.3.2-8.1.el7_3.noarch.rpm, firewalld-filesystem-0.4.3.2-8.1.el7_3.noarch.rpm and python-firewall-0.4.3.2-8.1.el7_3.noarch.rpm
6) Start script where rpms are located
Most likely the reproducer can be reduced to only do the firewalld installation, start and deinstallation.
Reassigning to polkit. We are seeing this occasionally/intermittently also. But we don't install/remove iptables-services. And it appears to happen even when previous firewall-cmd invocations were successful without any stop/start between. I will try to collect more data. Created attachment 1274388 [details]
Just hammer the PolkitBackndActionPool reload code
Thomas, is this _consistently_ reproducible using the above script? A single run didn’t do it for me.
I _was_ able to reproduce a failure to look up using the attached script…
… but it is not _yet_ clear to me that with either of the reproducers this is a real bug and not just an ~inherent race condition: polkit uses a GFileMonitor watch to notice new files being installed, and to load them, but there is no practical mechanism for callers to wait until that happens (the caller would have to restart polkitd, which is undesirable because it loses state).
So, it is possible _in principle_ that with these reproducers we are only encountering a race condition (more likely with my reproducer than with yours, because the RPM one does so much more and gives polkitd so much more opportunity to catch up).
OTOH this race condition is unlikely to apply to the original bug report, at least assuming the host / storage is mostly idle during the "sleep 10" (which neither of our reproducers has).
Still investigating…
For reference, I have filed bug 1449754 to modify firewalld packaging so that it doesn’t configure duplicate polkit action IDs. *** Bug 1436964 has been marked as a duplicate of this bug. *** I am using Fedora 26, I have I think the same issue here. Firstly firewalld service didn't work, it asked for "cockpit" after I installed it, the firewalld service it looks working, but when I try to do anything with it, like sudo firewall-cmd --list-all I get an error, which says: ERROR:dbus.proxies:Introspect error on :1.84:/org/fedoraproject/FirewallD1: dbus.exceptions.DBusException: org.freedesktop.PolicyKit1.Error.Failed: Action org.fedoraproject.FirewallD1.info is not registered Error: Action org.fedoraproject.FirewallD1.info is not registered Jalal, please file a separate bug against Fedora; a RHEL fix is not going to change Fedora. Besides, Fedora is already using polkit-0.113, which contains the fix being considered in this report. Miloslav, Okay, I will, thank you. By the way with polkit-0.113-15 the issue still there with Fedora I am getting this after upgrading from Fedora 27 to Fedora 29. [root@server ~]# firewall-cmd --zone=trusted --list-all Error: Action org.fedoraproject.FirewallD1.config.info is not registered After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened. |